Sometimes, the key to technological advancement is decidedly old-school.
Security information and event management (SIEM) is an essential component of any enterprise-level security toolbox—especially as the cybersecurity paradigm shifts from a prevention-based model to a detection model.
Making sure your team understands your SIEM solution is a significant and vital hurdle. SIEM does have a reputation, perhaps well-deserved, for being the most complicated of the cybersecurity fields. Your IT security team needs to understand how to manage new capabilities in your SIEM solution in order to best protect your enterprise.
There are loads of free resources available online (such as Solutions Review’s best practices articles, solutions directories, and buyer’s guides), and those resources are great, but sometimes it’s best to do things the old-fashioned way… and there are few resources that can match the in-depth, comprehensive detail of good SIEM books.
We compiled a short list of the top introductory SIEM books. We tried to keep our selection of SIEM books to those from within the past 5 years, and each is its own kind of rewarding reading experience. All of them focus on what might seem to be to the left or right of SIEM, yet SIEM is a broad and expanding field. Network monitoring, incident response, and security operations centers all fall under its purview.
Applied Network Security Monitoring: Collection, Detection, and Analysis
By Chris Sanders and Jason Smith
Network security monitoring is based on the principle that prevention eventually fails. In the current threat landscape, no matter how much you try, motivated attackers will eventually find their way into your network. At that point, your ability to detect and respond to that intrusion can be the difference between a small incident and a major disaster.
You can purchase Chris Sanders’ and Jason Smith’s Applied Network Security Monitoring: Collection, Detection, and Analysis here.
The Practice of Network Security Monitoring: Understanding Incident Detection and Response
By Richard Bejtlich
Whether you count this among endpoint security books or SIEM books, it is a valuable read.
Network security is not simply about building impenetrable walls—determined attackers will eventually overcome traditional defenses. The most effective computer security strategies integrate network security monitoring (NSM): the collection and analysis of data to help you detect and respond to intrusions.
You can purchase Richard Bejtlich’s The Practice of Network Security Monitoring: Understanding Incident Detection and Response here.
Security Operations Center – Analyst Guide: SIEM Technology, Use Cases and Practices
By Arun E. Thomas
Security analytics can be defined as the process of continuously monitoring and analyzing all the activities in your enterprise network to ensure the minimal number of occurrences of security breaches. [The] Security Analyst is the individual that is qualified to perform the functions necessary to accomplish the security monitoring goals of the organization. This book is intended to improve the ability of a security analyst to perform their day to day work functions in a more professional manner.
You can purchase Arun E. Thomas’ Security Operations Center – Analyst Guide: SIEM Technology, Use Cases and Practices here.
Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder.
By Don Murdoch GSE
This book can be counted among both SIEM books and cybersecurity books in general. It is an essential read for security team members.
The BTHb includes essential information in a condensed handbook format. Main topics include the incident response process, how attackers work, common tools for incident response, a methodology for network analysis, common indicators of compromise, Windows and Linux analysis processes, tcpdump usage examples, Snort IDS usage, packet headers, and numerous other quick reference topics.
You can purchase Don Murdoch’s Blue Team Handbook here.
Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan
By Jeff Bollinger, Brandon Enright, and Matthew Valites
One common topic among our SIEM books is incident response, and it is no surprise why. Being able to detect and respond to a threat that has already penetrated your network is of the utmost importance.
Any good attacker will tell you that expensive security monitoring and prevention tools aren’t enough to keep you secure. This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone.
You can purchase Jeff Bollinger’s, Brandon Enright’s, and Matthew Valites’ Crafting the InfoSec Playbook here.
Digital Forensics and Incident Response: A practical guide to deploying digital forensic techniques in response to cyber security incidents
By Gerard Johansen
Digital Forensics and Incident Response will guide you through the entire spectrum of tasks associated with incident response, starting with preparatory activities associated with creating an incident response plan and creating a digital forensics capability within your own organization.
You can purchase Gerard Johansen’s Digital Forensics and Incident Response here.
Intelligence-Driven Incident Response: Outwitting the Adversary
By Scott J. Roberts and Rebekah Brown
Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But, only when you approach incident response with a cyber threat intelligence mindset will you truly understand the value of that information. With this practical guide, you’ll learn the fundamentals of intelligence analysis…
You can purchase Scott J. Roberts’ and Rebekah Brown’s Intelligence-Driven Incident Response here.
Think Like a Hacker: A Sysadmin’s Guide to Cybersecurity
By Michael J. Melone and Dr. Shannon Zinck
Targeted attack and determined human adversaries (DHA) have changed the information security game forever. Writing secure code is as important as ever; however, this satisfies only one piece of the puzzle. Effective defense against targeted attack requires IT professionals to understand how attackers use – and abuse – enterprise design to their advantage. Learn how advanced attackers break into networks.
You can purchase Michael J. Melone’s and Dr. Shannon Zinck’s Think Like a Hacker: A Sysadmin’s Guide to Cybersecurity here.